Merge pull request #64 from imprazaguy/bug_fix_nopam

Bug fix for building without PAM
11 years ago · 75f63e7894
parent 297fdaf1c6 b518a3bfe9
commit 75f63e7894
4 changed files with 24 additions and 41 deletions
--- a/configure.ac
+++ b/configure.ac
@ -69,6 +69,11 @@ then
  fi
 fi

+if test "x$enable_nopam" = "xyes"
+then
+  AC_DEFINE([USE_NOPAM],1,[Disable PAM])
+fi
+
 AS_IF( [test "x$enable_freerdp1" = "xyes"] , [PKG_CHECK_MODULES(FREERDP, freerdp >= 1.0.0)] )

 # checking for libjpeg
--- a/sesman/verify_user.c
+++ b/sesman/verify_user.c
@ -50,12 +50,9 @@ auth_account_disabled(struct spwd *stp);
 long DEFAULT_CC
 auth_userpass(char *user, char *pass, int *errorcode)
 {
-    char salt[13] = "$1$";
-    char hash[35] = "";
-    char *encr = 0;
+    const char *encr;
    struct passwd *spw;
    struct spwd *stp;
-    int saltcnt = 0;

    spw = getpwnam(user);

@ -76,50 +73,19 @@ auth_userpass(char *user, char *pass, int *errorcode)

        if (1 == auth_account_disabled(stp))
        {
-            log_message(&(g_cfg->log), LOG_LEVEL_INFO, "account %s is disabled", user);
+            log_message(LOG_LEVEL_INFO, "account %s is disabled", user);
            return 0;
        }

-        g_strncpy(hash, stp->sp_pwdp, 34);
+        encr = stp->sp_pwdp;
    }
    else
    {
        /* old system with only passwd */
-        g_strncpy(hash, spw->pw_passwd, 34);
-    }
-
-    hash[34] = '\0';
-
-    if (g_strncmp(hash, "$1$", 3) == 0)
-    {
-        /* gnu style crypt(); */
-        saltcnt = 3;
-
-        while ((hash[saltcnt] != '$') && (saltcnt < 11))
-        {
-            salt[saltcnt] = hash[saltcnt];
-            saltcnt++;
-        }
-
-        salt[saltcnt] = '$';
-        salt[saltcnt + 1] = '\0';
-    }
-    else
-    {
-        /* classic two char salt */
-        salt[0] = hash[0];
-        salt[1] = hash[1];
-        salt[2] = '\0';
-    }
-
-    encr = crypt(pass, salt);
-
-    if (g_strncmp(encr, hash, 34) != 0)
-    {
-        return 0;
+        encr = spw->pw_passwd;
    }

-    return 1;
+    return (strcmp(encr, crypt(pass, encr)) == 0);
 }

 /******************************************************************************/
--- a/xrdp/Makefile.am
+++ b/xrdp/Makefile.am
@ -14,6 +14,7 @@ AM_CFLAGS = \
  $(EXTRA_DEFINES)

 INCLUDES = \
+  -I$(top_builddir) \
  -I$(top_srcdir)/common \
  -I$(top_srcdir)/libxrdp

--- a/xrdp/xrdp_mm.c
+++ b/xrdp/xrdp_mm.c
@ -17,12 +17,15 @@
 *
 * module manager
 */
+#include <config_ac.h>
 #define ACCESS
 #include "xrdp.h"
 #include "log.h"
 #ifdef ACCESS
+#ifndef USE_NOPAM
 #include "security/_pam_types.h"
 #endif
+#endif

 /*****************************************************************************/
 struct xrdp_mm *APP_CC
@ -1071,6 +1074,7 @@ xrdp_mm_sesman_data_in(struct trans *trans)
 }

 #ifdef ACCESS
+#ifndef USE_NOPAM
 /*********************************************************************/
 /* return 0 on success */
 int access_control(char *username, char *password, char *srv)
@ -1183,6 +1187,7 @@ int access_control(char *username, char *password, char *srv)
    return rec;
 }
 #endif
+#endif

 /*****************************************************************************/
 /* This routine clears all states to make sure that our next login will be
@ -1206,6 +1211,7 @@ void cleanup_states(struct xrdp_mm *self)
    }
 }
 #ifdef ACCESS
+#ifndef USE_NOPAM
 const char *getPAMError(const int pamError)
 {      
    switch(pamError){
@ -1333,6 +1339,7 @@ const char *getPAMAdditionalErrorInfo(const int pamError,struct xrdp_mm *self)
    
 }
 #endif
+#endif
 /*****************************************************************************/
 int APP_CC
 xrdp_mm_connect(struct xrdp_mm *self)
@ -1351,10 +1358,12 @@ xrdp_mm_connect(struct xrdp_mm *self)
    char port[8];
    char chansrvport[256];
 #ifdef ACCESS
+#ifndef USE_NOPAM
    int use_pam_auth = 0;
    char pam_auth_sessionIP[256];
    char pam_auth_password[256];
    char pam_auth_username[256];
+#endif
    char username[256];
    char password[256];
    username[0] = 0;
@ -1390,6 +1399,7 @@ xrdp_mm_connect(struct xrdp_mm *self)
        }

 #ifdef ACCESS
+#ifndef USE_NOPAM
        else if (g_strcasecmp(name, "pamusername") == 0)
        {
            use_pam_auth = 1;
@ -1403,6 +1413,7 @@ xrdp_mm_connect(struct xrdp_mm *self)
        {
            g_strncpy(pam_auth_password, value, 255);
        }
+#endif
        else if (g_strcasecmp(name, "password") == 0)
        {
            g_strncpy(password, value, 255);
@ -1421,7 +1432,7 @@ xrdp_mm_connect(struct xrdp_mm *self)
    }

 #ifdef ACCESS
-
+#ifndef USE_NOPAM
    if (use_pam_auth)
    {
        int reply;
@ -1464,7 +1475,7 @@ xrdp_mm_connect(struct xrdp_mm *self)
            return rv;
        }
    }
-
+#endif
 #endif

    if (self->sesman_controlled)